Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Buyer's Guides

Best API security testing tools

A practical, no-hype comparison of API security testing tools — from OWASP ZAP to Salt Security — covering REST/GraphQL coverage, posture management, and real tradeoffs.

Nov 9, 20258 min read
Incident Analysis

The XZ Utils backdoor: anatomy of a supply chain attack

A two-year maintainer-trust takeover placed a pre-auth SSH backdoor inside xz-utils. Heres how CVE-2024-3094 was built, hidden, and caught in time.

Nov 8, 20257 min read
Buyer's Guides

Best container base image hardening tools

A buyer's guide to container base image hardening tools -- comparing Chainguard, Distroless, DockerSlim, Red Hat UBI, Wolfi, and Bitnami on real strengths and limitations.

Nov 8, 20259 min read
Incident Analysis

Codecov Bash Uploader supply chain breach

A look back at the 2021 Codecov Bash Uploader breach: how a tampered CI script exfiltrated secrets for two months, and what it teaches about supply chain risk.

Nov 8, 20257 min read
Buyer's Guides

Best pull request and code review security automation tools

A candid buyer's guide to pull request security automation tools — evaluation criteria, six real vendors compared, and where Safeguard fits in your stack.

Nov 8, 20257 min read
Industry Analysis

Prototype Pollution in JavaScript Applications

Prototype pollution has hit lodash, jQuery, and minimist with real CVEs, from DoS to RCE. Here's how the bug works and how Safeguard catches it before it ships.

Nov 8, 20257 min read
Buyer's Guides

Best dependency update automation tools

A practical buyer's guide to dependency update automation tools -- what to evaluate, and how Dependabot, Renovate, Snyk, Socket, and others really compare.

Nov 8, 20258 min read
Industry Analysis

ReDoS: Regular Expression Denial of Service Attacks

ReDoS took down Cloudflare's global network for 27 minutes in 2019 and Stack Overflow in 2016. Here's how one bad regex causes an outage, and how to catch it first.

Nov 8, 20258 min read
Buyer's Guides

Best software supply chain attack simulation and red team...

A practical, no-hype comparison of supply chain attack simulation tools for red teams -- what to evaluate, six real vendors reviewed, and where Safeguard fits in.

Nov 7, 20258 min read
Incident Analysis

PHP Git server compromise incident (2021)

In 2021, attackers pushed a hidden RCE backdoor into PHP's own source repo under forged maintainer names — a supply chain near-miss worth revisiting.

Nov 7, 20258 min read
Incident Analysis

Colors.js and Faker.js maintainer sabotage incident

In January 2022, colors.js and faker.js maintainer Marak Squires sabotaged his own packages, breaking thousands of builds—no compromise required.

Nov 7, 20257 min read
DevSecOps

Best DevSecOps platforms for shift-left security

A fair, no-hype comparison of DevSecOps platforms — GitLab, GitHub, Snyk, Wiz, JFrog, and Checkmarx — plus what to evaluate for real shift-left security.

Nov 7, 20258 min read
supply-chain-security (Page 68) — Safeguard Blog